Date: Mon, 18 Dec 2000 09:29:12 -0600 From: Drew Sanford <drew@planetwe.com> To: Peter Ross <petros@pps.de> Cc: freebsd-security@freebsd.org Subject: Re: FTP and firewall Message-ID: <3A3E2D48.8030207@planetwe.com> References: <200012181431.PAA16565@jung9.pps.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Ross wrote: > I see five different ways to solve the FTP firewall problem: > > 1. external FTP server and mirror through the firewall > Problem: We need the server always up to date, > data more then 5 minutes old are not acceptable, > also inacceptable are corrupted files (e.g. for files which created by > internal processes while the mirror process works) > Can I use cpdup (ports collection)? I speak typo - I assume you mean cvsup. The answer is yes you can. Just cron the update process on the inside mirror and cvsupd on the ftp box. > 2. external FTP proxy server with access to a internal server > Problem: which proxy should I use? > 3. external FTP server with NFS access trough the firewall > Problem: NFS and security > 4. firewall with FTP server and NFS access to the company network > Problem: see above, > a firewall shouldn't running daemons with public access > 5. 3. or 4. with a more secure network file system (e.g. Coda ?) > -- Drew Sanford Systems Administrator Planetwe.com Email: drew@planetwe.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A3E2D48.8030207>